Tuesday, April 30, 2013

For any interested in initiatives to make government data
more accessible, I ran across an interesting API put out by Civic Impulse –
the GovTrack API (http://www.govtrack.us/developers/api).The API allows queries to be made regarding many
of the bills being debated about in the US congress as well as the ability to
programmatically look up information pertaining to members of Congress.The available documentation for the API is
located at the link already provided, but a small Perl script below will
demonstrate the basics of accessing the API in Perl.

This script will query the API for bills regarding “fracking”
in the “112” session of congress and will simply print out the retrieved
results.

The
results are returned in the JSON format be default, but the API does allow for
parameters to be specified for XML or CSV based results as alternatives.For the code above the returned JSON would
look as follows:

Friday, April 26, 2013

The search engine Shodan (http://www.shodanhq.com/)
has recently drawn a lot of attention as the “scariest search engine on the
internet” since it lets you search for computers and other devices by IP, OS,
location, etc, and in doing so often reveals information that the computer
owner’s might not have ever intended to be public.For security professionals it makes for an
interesting tool for pen-testing and forensics.For any Perl developers that are interested in such work the good news
is that they have an API and they have a nice Perl tutorial already in place
documenting how to use it (http://docs.shodanhq.com/perl/tutorial.html#).They also provide one sample Perl script that
lets you generate a list of IP addresses that match your query terms (http://docs.shodanhq.com/perl/examples.html).The API does make use of an API key that
requires registration to use.

Tuesday, April 23, 2013

Sometimes it is useful to be able to randomize the elements
of an array and this posting will demonstrate a simple way of accomplishing
that using the shuffle subroutine of the List::Util Perl module.As a sample use case let’s consider a
simplistic random password generator that was designed to generate passwords
that contain two uppercase characters, two numbers, and four lowercase
characters. A sample code snippet that would accomplish such a task might look
as follows:

#!usr/bin/perl

use
List::Util 'shuffle';

use
strict;

use
warnings;

#Ensure
number of each character type requirements are met

my
@randuc=map{('A'..'Z')[rand(26)]}(1..2);

my
@randlc=map{('a'..'z')[rand(26)]}(1..4);

my
@randnum=map{int(rand(10))}(1..2);

my
@pass=(@randuc, @randlc, @randnum);

my
$passwd=join("", @pass);

print
"$passwd \n";

If executed, this code would create random passwords such as
“SEadzs55”, which clearly meet the complexity requirements, but if we run the
password generator over and over again a pattern should emerge.The two upper case characters will always be
first, followed by the four lowercase characters, followed by the two
numbers.This pattern greatly reduces
the randomness of our passwords and is a common mistake you see in many random
password generators.We could greatly
improve this code by adding some additional code that will randomize the
elements of the password, so there is no definitive pattern as to the ordering
of characters.We could do this with the
following code snippet:

#Shuffles
the generated characters so uc characters not always first

#followed
by lc characters, etc to improve randomness

my
@mixed = shuffle(@pass);

$passwd=join("",
@mixed);

print
"$passwd \n";

If we now execute the code with this addition multiple
times, will see that after each execution the ordering of the characters is
randomized, thereby improving the entropy of our password.